FedEx has exposed private information of countless its customers as soon as the company left drivers licences and various sensitive data with a publicly?accessible Amazon S3 server. The server belonged to?Bongo International LLC, a service which enables you to US retailers in?performing shipping calculations and currency conversions, to assist sell products online to consumers around the globe. [Bongo was acquired by FedEx in 2014 additionally, the service was discontinued in April, 2017]
The exposure had been spotted by Kromtech Security Center, after which you can the provider scrambled to secure the publicly accessible server to offer the situation. “Among other items, it contained a lot more than 119 thousands of scanned documents people and international citizens, just like passports, driving licenses, security IDs etc. IDs were along with scanned “Applications for Delivery of Mail Through Agent” forms (PS Form 1583) – which contained names, home addresses, numbers and zipcodes,” the protection firm wrote.
RelatedLeaked Tools Show How NSA Pulls Back from Target Computers If They’re Already Hacked by Other Nations
The data was hosted on the password-less storage server that contained over 119,000 files. While most of records are on US nationals, the scanned IDs originated from a few other countries as well,?including?Canada, Australia, Saudi Arabia, Japan, China, Mexico, and several European union.
Scanned Canadian passport entirely on a server
The exposed data included thousands and thousands of scanned documents, including:
- Drivers’ licenses
- National ID cards
- Work ID cards
- Voting cards
- Utility bills
- Vehicle registration forms
- Medical insurance cards
- Firearms licenses
- US military?identification cards
- Credit cards (in most cases)
“After having a preliminary investigation, we can easily concur that some archived Bongo International account information positioned on a server hosted by way of third-party, public cloud provider is protected,” FedEx spokesperson said.
“Your data was element of an email finder service that was discontinued after our buying Bongo.”
It should be noted that the documents were dated between 2009 and 2012, well previous to FedEx’ acquiring Bongo. It remains unclear if ever the company was concious of this server. “This situation highlights precisely how important it truly is to audit digital assets any time a company acquires another and to be certain that customer information and facts are secured and effectively stored before, during, and after the sale,\” Kromtech said.
RelatedGet DJI Mavic Pro at Its Cheapest price? – Limited Units Only!
“Within the integration or migration phase is truly the best time to recognize any security and knowledge privacy risks.”
Kromtech warns that someone who used Bongo’s services between 2009 and 2012 should look into their identity compromised.
FedEx assures not wearing running shoes has “found no indication that any information has become misappropriated” and can update from thorough investigation.